If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

ATTENTION: Windows 10 users

Beta 2 build is now available!

If you just upgraded to Windows 10 or running build 10240 or greater of Win 10 pre-release you will need to download and install the new version of ZoneAlarm 14.0.157.000

[SOLVED] Internet Logs "more info" Shows 'wrong info'

When I access the firewaLL log and highlight an entry and then click 'more info', I am taken to Smartdefense Advisor (http://fwalerts.zonealarm.com/fwanalyze.jsp?record ...etc.). When I click "Technical Info" on that page I get a list of information about the connection attempt. Invariably, the port numbers listed for the source ip address and the destination ip are different from the firewall log entries. This is very strange. I am wondering if this could mean that the firewall links have been hacked to supply the wrong information. I am using Zonealarm Free 11.0.00.504. I noticed the same strange behavior with my prior version (11.0.00.20) All the other information supplied on the SmartDefense page seems plausible. There are no proxies involved. Knowing Zonealarms accuracy I fear that the program has been tampered with though the program was updated and installed through the Zonealarm website. Is there an explanation or fix for this?

Re: Internet Logs "more info" Shows 'wrong info' (see attachments)

Originally Posted by winndb

I fear that the program has been tampered?

No, just a UI bug. When you push "more info" a string is sent within the http address with all the information about the log. This is then translated into a more readable form into those website tabs. Somewhere across the chain there is bug. Either the log are translated wrong or the website reads the string wrongly.

Just trust the information in your ZA logs rather than the one on the website. Or read the one on the website with the real logs in mind. It seems that only the ports information is misinterpreted by the web.

Re: [BUG] Internet Logs "more info" Shows 'wrong info'

Indeed, better to report directly to development team as collecting information about who has the same problem in here will not help to resolve it or to make ZA staff more aware of the GUI issue. They may also need to collect logs as it may be specific to certain PC configurations. More people reporting it more likely they will look at it earlier than later. Thanks, Fax

Re: [BUG] Internet Logs "more info" Shows 'wrong info'

"ZONEALARM USER FORUM" "Provides 'USERS' of all ZoneAlarm products a place to share ideas and support 'each other'" .
----------------------------------
I doubt many people will install the beta just to test for this. Hopefully some will. It could be specific to my configuration or installation, which is why I wanted to know if other FORUM MEMBERS have also experienced it. This can be reported on the SmartDefense Advisor page via the "provide more feedback" link.
Thank you MODERATORS.
-----------------------------------------------
I had done a complete deletion of the older version and used ZA cleaner before installing the new free edition 11.0.000.504 Now the firewall log viewer has stopped displaying firewall entries in real time. Entries are lagging by approximately 24 hours behind current time.. if they show up at all. I have found that a service "TrueVector basic logging client" is installed but does not function.The file that it points to "minilog.exe" is missing and replaced by this entry in C:\WINDOWS\system32\ZoneLabs\"vsmon.RPT". This "vsmon.rpt file has "0" data. It is the only entry in C:\WINDOWS\system32\ZoneLabs. The rest of C:\WINDOWS\system32\ZoneLabs\ is empty. This is the reason I used the term "tampered". I am a Zonealarm user for over ten years. There are numerous other anomalies with this particular installation. I am seeking to interact with other users to find out if these are general problems or if they have to do specifically with the Zonealarm Free Firewall installation on MY system.This should be the correct forum to discuss these things. ?

Re: [BUG] Internet Logs "more info" Shows 'wrong info'

Not really as only ZA knows the design of the software, so whatever input you will get here from other users will not mirror the reality and will be just speculations and probably giving you a false sense of security/insecurity. What you describe is just bugs (logs, files, delays) and these issues can only be fixed by ZA staff and not users.

As the free firewall offer no support your only chance is to use the beta and feedback directly the development team with your findings.

Unless you have more information related to the original purpose of this thread (wrong logs) I will close soon this thread as we said all that could be said about the issue.

Re: [BUG] Internet Logs "more info" Shows 'wrong info'

Resolved the problems with my ZAFREE Firewall installation without installing the Beta.
I once again ran Zclean and did a full uninstall/reinstall, updating to the newest version
11.0.768.000. Even after this the same problems and anomalies persisted.
I reviewed the installation logs and ran a system search for the driver 'VSDATANT.sys'.
Device manager indicated that the file was not properly installed.

There were two different versions of this file.
C:\Program Files\CheckPoint\ZoneAlarm\drivers\winxp_32\VSDATA NT.sys version 11.0.768.0
C:\WINDOWS\system32\drivers\VSDATANT.sys version 11.0.764.0
C:\WINDOWS\system32\VSDATANT.sys version 11.0.764.0
Apparently, the reinstallation process was failing to remove/update the two files in system32.
I replaced them with the newer version and uninstalled and reinstalled the vsdatant,sys driver.

Then made or verified registry entries:
------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\vsdatant\Enum]
"0"="Root\\LEGACY_VSDATANT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
--------------------------------------------------
I also deleted the 'minilog service' entry.(missing file) and some
other misc. old ZA files and data.

After rebooting, the ZAFREE installation functions properly and reliably.
This does not appear to be a Zonealarm software 'BUG' and may be pertinent only to my system which had
accumulated some files and registry entries from prior ZA installations even though I used ZClean.
---------------------------------------------------
Windows XP Home Edition sp3 fully updated,Avast anti-virus 8.0.1489.
winndb.